Wow - that's a weird requirement - JUST the initial packets? TCP is obviously way easier than the others - which I'm not sure how you would consistently and accurately do that with sessionless protocols.
What do you mean "find"? As in capture/store the packets themselves or just record the session info? Ntop / libpcap supports BPF filters, so maybe you could build a filter to only capture the packets you want. Again, not sure how you will accomplish this with ICMP and UDP; even with a temporal operative it's unlikely to be very accurate. But I could be wrong, so maybe post your thoughts?

G

________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Melnik, Gregory
Sent: Wednesday, October 19, 2011 2:08 PM
To: [email protected]
Subject: [Ntop] Packets that initiate connection

I need to find packets that initiate a session (TCP, UDP, ICMP) between a pair of hosts. It does not have to be in real time. Does anybody know if ntop has such a feature, and if yes, how to do so? The output I am looking for should include hosts' IP/names and port numbers involved in establishing the session. I am new to ntop, but have some experience with Wireshark.

Thanks,
Greg
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
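Added example, not part of the original messages and not ntop code: a sketch of the approach discussed in the thread, pairing a pcap-filter (BPF) expression for TCP connection openers with an idle-timeout heuristic for UDP and ICMP. The packet records, the 60-second timeout and the names `initiators`, `PACKETS` and `IDLE_TIMEOUT` are constructed assumptions for illustration.

```python
# pcap-filter (BPF) expression: TCP segments with SYN set and ACK clear.
TCP_SYN_ONLY_BPF = "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn"

IDLE_TIMEOUT = 60.0  # assumption: seconds of silence before a UDP/ICMP pair counts as new

# Constructed sample records: (time, proto, src, sport, dst, dport, tcp_flags)
PACKETS = [
    (0.00, "tcp", "10.0.0.5", 40000, "10.0.0.9", 80, "S"),
    (0.01, "tcp", "10.0.0.9", 80, "10.0.0.5", 40000, "SA"),
    (0.02, "tcp", "10.0.0.5", 40000, "10.0.0.9", 80, "A"),
    (1.00, "udp", "10.0.0.5", 53000, "10.0.0.1", 53, ""),
    (1.02, "udp", "10.0.0.1", 53, "10.0.0.5", 53000, ""),
    (2.00, "icmp", "10.0.0.5", 0, "10.0.0.9", 0, ""),
    (2.01, "icmp", "10.0.0.9", 0, "10.0.0.5", 0, ""),
    # Same UDP pair after a long gap, sent by the former responder.
    (90.0, "udp", "10.0.0.1", 53, "10.0.0.5", 53000, ""),
]


def initiators(packets, idle_timeout=IDLE_TIMEOUT):
    """Return (time, proto, src, sport, dst, dport) for packets that appear to open a session."""
    last_seen = {}  # direction-independent flow key -> time of the last packet
    found = []
    for ts, proto, src, sport, dst, dport, flags in sorted(packets):
        if proto == "tcp":
            # Same test as TCP_SYN_ONLY_BPF: only the first step of the handshake.
            if "S" in flags and "A" not in flags:
                found.append((ts, proto, src, sport, dst, dport))
            continue
        # UDP and ICMP have no handshake: treat the first packet seen for a
        # host/port pair, or the first after an idle gap, as the initiator.
        key = (proto, frozenset([(src, sport), (dst, dport)]))
        prev = last_seen.get(key)
        if prev is None or ts - prev > idle_timeout:
            found.append((ts, proto, src, sport, dst, dport))
        last_seen[key] = ts
    return found


if __name__ == "__main__":
    for rec in initiators(PACKETS):
        print("%.2f %s %s:%s -> %s:%s" % rec)
```

The record at t=90 is reported with 10.0.0.1 as the initiator even though 10.0.0.5 started the earlier exchange, which shows how the timeout choice limits accuracy for sessionless protocols.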
